python-ldap
diff --git a/‎Doc/spelling_wordlist.txt
Lines changed: 1 addition & 0 deletions b/‎Doc/spelling_wordlist.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎Lib/ldap/connection.py
Lines changed: 53 additions & 12 deletions b/‎Lib/ldap/connection.py
Lines changed: 53 additions & 12 deletions
diff --git a/‎Lib/ldap/extop/__init__.py
Lines changed: 118 additions & 4 deletions b/‎Lib/ldap/extop/__init__.py
Lines changed: 118 additions & 4 deletions
diff --git a/‎Lib/ldap/ldapobject.py
Lines changed: 7 additions & 4 deletions b/‎Lib/ldap/ldapobject.py
Lines changed: 7 additions & 4 deletions
@@ -117,6 +117,7 @@ refreshDeletes
 refreshOnly
 requestName
 requestValue
+responseName
 resiter
 respvalue
 ResultProcessor
 
@@ -17,10 +17,11 @@
 import ldap
 from ldap.controls import DecodeControlTuples, RequestControl
 from ldap.extop import ExtendedRequest
+from ldap.extop.passwd import PasswordModifyResponse
 from ldap.ldapobject import SimpleLDAPObject, NO_UNIQUE_ENTRY
 from ldap.response import (
     Response,
-    SearchEntry, SearchReference, SearchResult,
+    SearchEntry, SearchReference,
     IntermediateResponse, ExtendedResult,
 )
 
@@ -32,10 +33,15 @@ class Connection(SimpleLDAPObject):
     resp_ctrl_classes = None
 
     def result(self, msgid: int = ldap.RES_ANY, *, all: int = 1,
-               timeout: Optional[float] = None) -> Optional[list[Response]]:
+               timeout: Optional[float] = None,
+               defaultIntermediateClass:
+                   Optional[type[IntermediateResponse]] = None,
+               defaultExtendedClass: Optional[type[ExtendedResult]] = None
+               ) -> Optional[list[Response]]:
         """
-        result([msgid: int = RES_ANY [, all: int = 1 [, timeout :
-                Optional[float] = None]]]) -> Optional[list[Response]]
+        result([msgid: int = RES_ANY [, all: int = 1 [,
+                    timeout: Optional[float] = None]]])
+            -> Optional[list[Response]]
 
         This method is used to wait for and return the result of an
         operation previously initiated by one of the LDAP asynchronous
@@ -87,13 +93,26 @@ def result(self, msgid: int = ldap.RES_ANY, *, all: int = 1,
 
         results = []
         for msgid, msgtype, controls, data in messages:
-            controls = DecodeControlTuples(controls, self.resp_ctrl_classes)
+            if controls is not None:
+                controls = DecodeControlTuples(controls, self.resp_ctrl_classes)
 
+            if msgtype == ldap.RES_INTERMEDIATE:
+                data['defaultClass'] = defaultIntermediateClass
+            if msgtype == ldap.RES_EXTENDED:
+                data['defaultClass'] = defaultExtendedClass
             m = Response(msgid, msgtype, controls, **data)
             results.append(m)
 
         return results
 
+    def add_s(self, dn: str,
+              modlist: list[tuple[str, Union[bytes, list[bytes]]]], *,
+              ctrls: RequestControls = None) -> ldap.response.AddResult:
+        msgid = self.add_ext(dn, modlist, serverctrls=ctrls)
+        responses = self.result(msgid)
+        result, = responses
+        return result
+
     def bind_s(self, dn: Optional[str] = None,
                cred: Union[None, str, bytes] = None, *,
                method: int = ldap.AUTH_SIMPLE,
@@ -119,17 +138,36 @@ def delete_s(self, dn: str, *,
         result, = responses
         return result
 
-    def extop_s(self, oid: Optional[str] = None,
+    def extop_s(self, name: Optional[str] = None,
                 value: Optional[bytes] = None, *,
                 request: Optional[ExtendedRequest] = None,
-                ctrls: RequestControls = None
+                ctrls: RequestControls = None,
+                defaultIntermediateClass: Optional[type[IntermediateResponse]] = None,
+                defaultExtendedClass: Optional[type[ExtendedResult]] = None
                 ) -> list[Union[IntermediateResponse, ExtendedResult]]:
         if request is not None:
-            oid = request.requestName
+            name = request.requestName
             value = request.encodedRequestValue()
 
-        msgid = self.extop(oid, value, serverctrls=ctrls)
-        return self.result(msgid)
+        msgid = self.extop(name, value, serverctrls=ctrls)
+        return self.result(msgid,
+                           defaultIntermediateClass=defaultIntermediateClass,
+                           defaultExtendedClass=defaultExtendedClass)
+
+    def modify_s(self, dn: str,
+                 modlist: list[tuple[str, Union[bytes, list[bytes]]]], *,
+                 ctrls: RequestControls = None) -> ldap.response.ModifyResult:
+        msgid = self.modify_ext(dn, modlist, serverctrls=ctrls)
+        responses = self.result(msgid)
+        result, = responses
+        return result
+
+    def passwd_s(self, user: Optional[str] = None,
+                 oldpw: Optional[bytes] = None, newpw: Optional[bytes] = None,
+                 ctrls: RequestControls = None) -> PasswordModifyResponse:
+        msgid = self.passwd(user, oldpw, newpw, serverctrls=ctrls)
+        res, = self.result(msgid, defaultExtendedClass=PasswordModifyResponse)
+        return res
 
     def search_s(self, base: Optional[str] = None,
                  scope: int = ldap.SCOPE_SUBTREE,
@@ -147,8 +185,11 @@ def search_s(self, base: Optional[str] = None,
                                 attrsonly=attrsonly, serverctrls=ctrls,
                                 sizelimit=sizelimit, timeout=timelimit)
         result = self.result(msgid, timeout=timeout)
+        # FIXME: we want a better way of returning a result with multiple
+        # messages, always useful in searches but other operations can also
+        # elicit those (by way of an IntermediateResponse)
         result[-1].raise_for_result()
-        return result[:-1]
+        return result
 
     def search_subschemasubentry_s(
             self, dn: Optional[str] = None) -> Optional[str]:
@@ -212,6 +253,6 @@ def find_unique_entry(self, base: Optional[str] = None,
         r = self.search_s(base, scope, filter, attrlist=attrlist,
                           attrsonly=attrsonly, ctrls=ctrls, timeout=timeout,
                           sizelimit=2)
-        if len(r) != 1:
+        if len(r) != 2:
             raise NO_UNIQUE_ENTRY(f'No or non-unique search result for {filter}')
         return r[0]
@@ -12,6 +12,13 @@
 from ldap import __version__
 from ldap import KNOWN_EXTENDED_RESPONSES, KNOWN_INTERMEDIATE_RESPONSES
 
+import ldap
+import ldap.response
+
+from typing import Optional
+
+_NOTSET = object()
+
 
 class ExtendedRequest:
   """
@@ -39,7 +46,7 @@ def encodedRequestValue(self):
     return self.requestValue
 
 
-class ExtendedResponse:
+class ExtendedResponse(ldap.response.ExtendedResult):
   """
   Generic base class for a LDAPv3 extended operation response
 
@@ -55,9 +62,116 @@ def __init_subclass__(cls):
 
     KNOWN_EXTENDED_RESPONSES.setdefault(cls.responseName, cls)
 
-  def __init__(self,responseName,encodedResponseValue):
+  @classmethod
+  def __convert_old_api(cls, responseName_or_msgid=_NOTSET,
+                        encodedResponseValue_or_msgtype=_NOTSET,
+                        controls=None, *,
+                        result=_NOTSET, matcheddn=_NOTSET, message=_NOTSET,
+                        referrals=_NOTSET, name=None, value=None,
+                        defaultClass: Optional[type['ExtendedResult']] = None,
+                        msgid=_NOTSET, msgtype=_NOTSET,
+                        responseName=_NOTSET, encodedResponseValue=_NOTSET,
+                        **kwargs):
+    """
+    Implements both old and new API:
+    __init__(self, responseName, encodedResponseValue)
+    and
+    __init__/__new__(self, msgid, msgtype, controls=None, *,
+                     result, matcheddn, message, referrals,
+                     defaultClass=None, **kwargs)
+    """
+    if responseName is not _NOTSET:
+        name = responseName
+        value = encodedResponseValue
+        msgid = None
+        msgtype = ldap.RES_EXTENDED
+        result = ldap.SUCCESS.errnum
+    elif responseName_or_msgid is not _NOTSET and \
+            isinstance(responseName_or_msgid, (str, type(None))):
+        if responseName is not _NOTSET:
+            raise TypeError("responseName passed twice")
+        if encodedResponseValue_or_msgtype is not _NOTSET and \
+                encodedResponseValue is not _NOTSET:
+            raise TypeError("encodedResponseValue passed twice")
+        name = responseName = responseName_or_msgid
+        value = encodedResponseValue = encodedResponseValue_or_msgtype
+        msgid = None
+        msgtype = ldap.RES_EXTENDED
+        result = ldap.SUCCESS.errnum
+    else:
+        responseName = name
+        encodedResponseValue = value
+        if msgid is _NOTSET:
+            if responseName_or_msgid is _NOTSET:
+                raise TypeError("msgid parameter not provided")
+            msgid = responseName_or_msgid
+        if msgtype is _NOTSET:
+            if encodedResponseValue_or_msgtype is _NOTSET:
+                raise TypeError("msgtype parameter not provided")
+            msgtype = encodedResponseValue_or_msgtype or ldap.RES_EXTENDED
+        if result is _NOTSET:
+            raise TypeError("result parameter not provided")
+        if matcheddn is _NOTSET:
+            raise TypeError("matcheddn parameter not provided")
+        if message is _NOTSET:
+            raise TypeError("message parameter not provided")
+        if referrals is _NOTSET:
+            raise TypeError("referrals parameter not provided")
+
+    return (
+        responseName, encodedResponseValue,
+        (msgid, msgtype, controls),
+        {'result': result,
+         'matcheddn': matcheddn,
+         'message': message,
+         'referrals': referrals,
+         'name': name,
+         'value': value,
+         'defaultClass': defaultClass,
+         **kwargs
+         }
+    )
+
+  def __new__(cls, *args, **kwargs):
+    """
+    Has to support both old and new API:
+    __new__(cls, responseName: Optional[str],
+            encodedResponseValue: Optional[bytes])
+    and
+    __new__(cls, msgid: int, msgtype: int, controls: Controls = None, *,
+            result: int, matcheddn: str, message: str, referrals: List[str],
+            defaultClass: Optional[type[ExtendedResponse]] = None,
+            **kwargs)
+
+    The old API is deprecated and will be removed in 4.0.
+    """
+    # TODO: retire polymorhpism when old API is removed (4.0?)
+    _, _, args, kwargs = __class__.__convert_old_api(*args, **kwargs)
+
+    return super().__new__(cls, *args, **kwargs)
+
+  def __init__(self, *args, **kwargs):
+    """
+    Supports both old and new API:
+    __init__(self, responseName: Optional[str],
+             encodedResponseValue: Optional[bytes])
+    and
+    __init__(self, msgid: int, msgtype: int, controls: Controls = None, *,
+             result: int, matcheddn: str, message: str, referrals: List[str],
+             defaultClass: Optional[type[ExtendedResponse]] = None,
+             **kwargs)
+
+    The old API is deprecated and will be removed in 4.0.
+    """
+    # TODO: retire polymorhpism when old API is removed (4.0?)
+    responseName, encodedResponseValue, _, _ = \
+        __class__.__convert_old_api(*args, **kwargs)
+
     self.responseName = responseName
-    self.responseValue = self.decodeResponseValue(encodedResponseValue)
+    if encodedResponseValue is not None:
+        self.responseValue = self.decodeResponseValue(encodedResponseValue)
+    else:
+        self.responseValue = None
 
   def __repr__(self):
     return f'{self.__class__.__name__}({self.responseName},{self.responseValue})'
@@ -70,7 +184,7 @@ def decodeResponseValue(self,value):
     return value
 
 
-class IntermediateResponse:
+class IntermediateResponse(ldap.response.IntermediateResponse):
   """
   Generic base class for a LDAPv3 intermediate response message
 
 
@@ -380,14 +380,17 @@ def extop_result(self,msgid=ldap.RES_ANY,all=1,timeout=None):
 
   def extop_s(self,extreq,serverctrls=None,clientctrls=None,extop_resp_class=None):
     msgid = self.extop(extreq,serverctrls,clientctrls)
-    res = self.extop_result(msgid,all=1,timeout=self.timeout)
+    resulttype,_,msgid,respctrls,respoid,respvalue = self.extop_result(msgid,all=1,timeout=self.timeout)
+    extop_resp_class = extop_resp_class or KNOWN_EXTENDED_RESPONSES.get(respoid)
     if extop_resp_class:
-      respoid,respvalue = res
       if extop_resp_class.responseName!=respoid:
         raise ldap.PROTOCOL_ERROR(f"Wrong OID in extended response! Expected {extop_resp_class.responseName}, got {respoid}")
-      return extop_resp_class(extop_resp_class.responseName,respvalue)
+      return extop_resp_class(msgid, resulttype, respctrls,
+                              result=0, matcheddn=None,
+                              message=None, referrals=None,
+                              name=respoid, value=respvalue)
     else:
-      return res
+      return respoid, respvalue
 
   def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
     """